UniFaaS: A Unikernel-Based Serverless Operating System
Lead Research Organisation:
University of Manchester
Department Name: Computer Science
Abstract
Serverless computing, also know as Function as a Service (FaaS), is an emerging
programming paradigm providing significant benefits for both the tenant (i.e.
the application developer) and the provider in terms of costs reduction,
data centre efficiency, scalability, etc. With its truly on-demand resource
consumption and pricing model, as well as the fact that the tenant is relieved
from any infrastructure management effort, serverless has the potential of
fully delivering on the core promises of cloud computing, and experts agree
that its usage will skyrocket in the years to come.
Serverless computing is made possible by two crucial concepts implemented by
the systems software assuring the execution of functions and running in the
provider's infrastructure: (1) the isolation of the data and performance of
mutually untrusting functions running on the same physical host and (2) the
lightweightness of the systems software supporting the execution of functions,
i.e. the potential for low memory and disk footprint as well as fast invocation
times for this software. The current serverless infrastructures are suboptimal
regarding both concepts as they use a combination of virtual machines (well
isolated but heavyweight) and containers (lightweight but presenting some
serious isolation concerns).
The unikernel is a new Operating System (OS) model in which an application is
executed with a very small custom operating system layer as minimal virtual
machine in the cloud. In effect, unikernels combine the strong isolation of
virtual machines with a container-like level of lightweightness. These
characteristics make that the unikernel is a uniquely fit candidate to run as
serverless infrastructure systems software.
We propose to explore the use of the unikernel OS model as the primary unit of
function execution in a serverless computing infrastructure. We note that
although it presents some fundamental benefits, the unikernel model needs to
evolve to perfectly fit the serverless domain. The principal issue is the lack
of support for important features, namely intra-unikernel isolation and
multi-processing. These shortcomings are not simply due to missing
implementations, but rather derive from fundamental design principles of the
unikernel OS model.
Hence, we propose to design and implement UniFaaS as an evolution of the
unikernel OS model tailored for serverless computing. UniFaaS aims to support
the aforementioned lacking features, while maintaining the isolation and
lightweightness benefits that unikernels naturally offer. UniFaaS will be built
on top of an existing unikernel, namely OSv. The design and development effort
will be made along 3 main avenues: (1) new functionalities development, in
particular multi-process support using threads as well as further
specialisation the towards serverless computing; (2) security enhancements, in
particular the introduction of low-overhead intra-unikernel isolation using
modern hardware technologies; and (3) lightweightness optimisations to further
reduce per-unikernels and per-function memory/disk footprints as well as
boot/invocation time through various methods, in order to increase per-host
function density.
Once UniFaaS is built, we will evaluate its security/isolation,
lightweightness, and performance, by comparing it to traditional serverless
deployments that use virtual machines and containers. Regarding security, we
note that the current metrics to assess isolation (such as counting the number
of lines of code of a software) are rather imprecise and we will develop a
novel method based on the amount of trusted code (guest kernel and/or
hypervisor/host) that can be reached from an untrusted component (application
code, network, etc.).
programming paradigm providing significant benefits for both the tenant (i.e.
the application developer) and the provider in terms of costs reduction,
data centre efficiency, scalability, etc. With its truly on-demand resource
consumption and pricing model, as well as the fact that the tenant is relieved
from any infrastructure management effort, serverless has the potential of
fully delivering on the core promises of cloud computing, and experts agree
that its usage will skyrocket in the years to come.
Serverless computing is made possible by two crucial concepts implemented by
the systems software assuring the execution of functions and running in the
provider's infrastructure: (1) the isolation of the data and performance of
mutually untrusting functions running on the same physical host and (2) the
lightweightness of the systems software supporting the execution of functions,
i.e. the potential for low memory and disk footprint as well as fast invocation
times for this software. The current serverless infrastructures are suboptimal
regarding both concepts as they use a combination of virtual machines (well
isolated but heavyweight) and containers (lightweight but presenting some
serious isolation concerns).
The unikernel is a new Operating System (OS) model in which an application is
executed with a very small custom operating system layer as minimal virtual
machine in the cloud. In effect, unikernels combine the strong isolation of
virtual machines with a container-like level of lightweightness. These
characteristics make that the unikernel is a uniquely fit candidate to run as
serverless infrastructure systems software.
We propose to explore the use of the unikernel OS model as the primary unit of
function execution in a serverless computing infrastructure. We note that
although it presents some fundamental benefits, the unikernel model needs to
evolve to perfectly fit the serverless domain. The principal issue is the lack
of support for important features, namely intra-unikernel isolation and
multi-processing. These shortcomings are not simply due to missing
implementations, but rather derive from fundamental design principles of the
unikernel OS model.
Hence, we propose to design and implement UniFaaS as an evolution of the
unikernel OS model tailored for serverless computing. UniFaaS aims to support
the aforementioned lacking features, while maintaining the isolation and
lightweightness benefits that unikernels naturally offer. UniFaaS will be built
on top of an existing unikernel, namely OSv. The design and development effort
will be made along 3 main avenues: (1) new functionalities development, in
particular multi-process support using threads as well as further
specialisation the towards serverless computing; (2) security enhancements, in
particular the introduction of low-overhead intra-unikernel isolation using
modern hardware technologies; and (3) lightweightness optimisations to further
reduce per-unikernels and per-function memory/disk footprints as well as
boot/invocation time through various methods, in order to increase per-host
function density.
Once UniFaaS is built, we will evaluate its security/isolation,
lightweightness, and performance, by comparing it to traditional serverless
deployments that use virtual machines and containers. Regarding security, we
note that the current metrics to assess isolation (such as counting the number
of lines of code of a software) are rather imprecise and we will develop a
novel method based on the amount of trusted code (guest kernel and/or
hypervisor/host) that can be reached from an untrusted component (application
code, network, etc.).
People |
ORCID iD |
| Pierre Olivier (Principal Investigator) |
Publications
Bitchebe S
(2023)
GuaNary: Efficient Buffer Overflow Detection In Virtualized Clouds Using Intel EPT-based Sub-Page Write Protection Support
in Proceedings of the ACM on Measurement and Analysis of Computing Systems
Islam Naas M
(2021)
EZIOTracer Unifying Kernel and User Space I/O Tracing for Data-Intensive Applications
in ACM SIGOPS Operating Systems Review
Kressel J
(2023)
Software Compartmentalization Trade-Offs with Hardware Capabilities
Lefeuvre H
(2021)
Unikraft and the Coming of Age of Unikernels
| Description | - Isolation within a single address space system, for example a unikernel, can be achieved in a flexible fashion, requiring only lightweight annotations from the application's programmer (https://project-flexos.github.io/) - Compartmentalizing and application of a system (e.g. a unikernel) without considering the safety of the newly created inter-compartments interfaces/API gives close to no security guarantees (https://project-flexos.github.io/) - It is possible to build a unikernel-based FaaS system by adapting existing serverless tools. Early numbers suggest that such as setup is lighter (in terms of memory consumption/boot time) than state of the art solutions based on micro-VMs (URL to be released in the future) |
| Exploitation Route | - FlexOS is open source and can be used/extended by other practitioners/researchers to study new isolation strategies and mechanisms, investigate new isolation technologies, etc. - ConfFuzz is open source and can be used/extended by other practitioners to study the interface security of compartmentalized software |
| Sectors | Aerospace, Defence and Marine,Digital/Communication/Information Technologies (including Software),Education,Electronics,Energy,Retail,Security and Diplomacy,Transport |
| URL | https://project-flexos.github.io/ |
| Description | FlexCap: Exploring Hardware Capabilities in Unikernels and Flexible Isolation OSes |
| Amount | £264,071 (GBP) |
| Funding ID | EP/X015610/1 |
| Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
| Sector | Public |
| Country | United Kingdom |
| Start | 12/2022 |
| End | 11/2024 |
| Description | Microsoft Research PhD Fellowship Award |
| Amount | $15,000 (USD) |
| Organisation | Microsoft Research |
| Sector | Private |
| Country | Global |
| Start | 05/2023 |
| End | 05/2023 |
| Title | Conffuzz Artifacts |
| Description | This repository contains a data set of CIVs generated by ConfFuzz. Please see the paper for more information: Lefeuvre, Hugo, Vlad-Andrei Badoiu, Yi Chien, Felipe Huici, Nathan Dautenhahn, and Pierre Olivier. "Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software." In Proceedings of 30th Network and Distributed System Security (NDSS'23). Internet Society, 2022. |
| Type Of Material | Database/Collection of data |
| Year Produced | 2023 |
| Provided To Others? | Yes |
| Impact | We just open sourced the data set so no particular impact yet. |
| URL | https://github.com/conffuzz/conffuzz-ndss-data |
| Title | FlexOS Artifacts |
| Description | These are the artifacts for our paper "FlexOS: Towards Flexible OS Isolation". The paper was accepted in the ASPLOS'22 conference and we went through artifact evaluation. The artifact contains the source code of FlexOS, the proof-of concept of our flexible isolation approach, along with all scripts necessary to reproduce the paper's measurements and plots. The goal of this artifact is to allow readers to reproduce the paper's results, and build new research on top of FlexOS. Please note that these artifact received the "best artifact award" at the conference (see here: https://asplos-conference.org/). |
| Type Of Material | Database/Collection of data |
| Year Produced | 2022 |
| Provided To Others? | Yes |
| Impact | Received the "best artifact award" at the ASPLOS'22 conference https://asplos-conference.org/. |
| URL | https://github.com/project-flexos/asplos22-ae |
| Description | Collaboration with the Unikraft community |
| Organisation | Karlsruhe Institute of Technology |
| Country | Germany |
| Sector | Academic/University |
| PI Contribution | We are collaborating with the Unikraft (https://unikraft.org/) community on several research avenues. 3 papers, in which Manchester is a major player (the PI's PhD student is 1st author) are accepted in top-tier systems conferences, and more papers are under submission/in the process of being written, with high degrees of involvment from Manchester. |
| Collaborator Contribution | It is variable depending on the partners: - NEC/Unikraft.io: we have regular (weekly) meetings with the CEO and engineers from Unikraft.io, helping to drive the research and participating in paper writing. We also have an engineer from NEC working on a paper effort. - Polytechnic Bucharest: regular meetings with a professor and a PhD student, collaborating on several paper efforts - Lancaster University: regular meetings with a professor and a PhD student, collaborating on several paper efforts - KIT: a MS student from KIT is working on one of our paper efforts as part of his thesis |
| Impact | - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, Yi Chen, Felipe Huici, Nathan Dautenhahn, Pierre Olivier, "Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software", Network and Distributed System Security (NDSS) Symposium, 2023. - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, Alexander Jung, ?tefan Lucian Teodorescu, Sebastian Rauch, Felipe Huici, Costin Raiciu, and Pierre Olivier, "FlexOS: Towards Flexible OS Isolation", 22nd Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2022. - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, ?tefan Teodorescu, Pierre Olivier, Tiberiu Mosnoi, Razvan Deaconescu, Felipe Huici, and Costin Raiciu, "FlexOS: Making OS Isolation Flexible", 18th Workshop on Hot Topics in Operating Systems (HotOS), 2021. - Publication: Alexander Jung, Hugo Lefeuvre, Charalampos Rotsos, Pierre Olivier, Daniel Onoro-Rubio, Mathias Niepert, and Felipe Huici, "Wayfinder: Towards Automatically Deriving Optimal OS Configurations", 12th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys), 2021 - Publication: Hugo Lefeuvre, Gaulthier Gain, Daniel Dinca, Alexander Jung, Simon Kuenzer, Vlad-Andrei Badoiu, Razvan Deaconescu, Laurent Mathy, Costin Raiciu, Pierre Olivier, and Felipe Huici, "Unikraft and the Coming of Age of Unikernels", USENIX ;login:, 2021 - Publication: Hugo Lefeuvre, "FlexOS: easy specialization of OS safety properties", ACM Middleware Doctoral Workshop, 2021. - Talk given at FOSSDEM'22 https://fosdem.org/2022/schedule/event/tee_flexos/ - Tutorial on Unikraft given at ASPLOS'22 https://asplos-conference.org/tutorials/#unikraft |
| Start Year | 2020 |
| Description | Collaboration with the Unikraft community |
| Organisation | Lancaster University |
| Country | United Kingdom |
| Sector | Academic/University |
| PI Contribution | We are collaborating with the Unikraft (https://unikraft.org/) community on several research avenues. 3 papers, in which Manchester is a major player (the PI's PhD student is 1st author) are accepted in top-tier systems conferences, and more papers are under submission/in the process of being written, with high degrees of involvment from Manchester. |
| Collaborator Contribution | It is variable depending on the partners: - NEC/Unikraft.io: we have regular (weekly) meetings with the CEO and engineers from Unikraft.io, helping to drive the research and participating in paper writing. We also have an engineer from NEC working on a paper effort. - Polytechnic Bucharest: regular meetings with a professor and a PhD student, collaborating on several paper efforts - Lancaster University: regular meetings with a professor and a PhD student, collaborating on several paper efforts - KIT: a MS student from KIT is working on one of our paper efforts as part of his thesis |
| Impact | - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, Yi Chen, Felipe Huici, Nathan Dautenhahn, Pierre Olivier, "Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software", Network and Distributed System Security (NDSS) Symposium, 2023. - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, Alexander Jung, ?tefan Lucian Teodorescu, Sebastian Rauch, Felipe Huici, Costin Raiciu, and Pierre Olivier, "FlexOS: Towards Flexible OS Isolation", 22nd Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2022. - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, ?tefan Teodorescu, Pierre Olivier, Tiberiu Mosnoi, Razvan Deaconescu, Felipe Huici, and Costin Raiciu, "FlexOS: Making OS Isolation Flexible", 18th Workshop on Hot Topics in Operating Systems (HotOS), 2021. - Publication: Alexander Jung, Hugo Lefeuvre, Charalampos Rotsos, Pierre Olivier, Daniel Onoro-Rubio, Mathias Niepert, and Felipe Huici, "Wayfinder: Towards Automatically Deriving Optimal OS Configurations", 12th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys), 2021 - Publication: Hugo Lefeuvre, Gaulthier Gain, Daniel Dinca, Alexander Jung, Simon Kuenzer, Vlad-Andrei Badoiu, Razvan Deaconescu, Laurent Mathy, Costin Raiciu, Pierre Olivier, and Felipe Huici, "Unikraft and the Coming of Age of Unikernels", USENIX ;login:, 2021 - Publication: Hugo Lefeuvre, "FlexOS: easy specialization of OS safety properties", ACM Middleware Doctoral Workshop, 2021. - Talk given at FOSSDEM'22 https://fosdem.org/2022/schedule/event/tee_flexos/ - Tutorial on Unikraft given at ASPLOS'22 https://asplos-conference.org/tutorials/#unikraft |
| Start Year | 2020 |
| Description | Collaboration with the Unikraft community |
| Organisation | NEC Corporation |
| Department | NEC Laboratories Europe GmbH |
| Country | Germany |
| Sector | Private |
| PI Contribution | We are collaborating with the Unikraft (https://unikraft.org/) community on several research avenues. 3 papers, in which Manchester is a major player (the PI's PhD student is 1st author) are accepted in top-tier systems conferences, and more papers are under submission/in the process of being written, with high degrees of involvment from Manchester. |
| Collaborator Contribution | It is variable depending on the partners: - NEC/Unikraft.io: we have regular (weekly) meetings with the CEO and engineers from Unikraft.io, helping to drive the research and participating in paper writing. We also have an engineer from NEC working on a paper effort. - Polytechnic Bucharest: regular meetings with a professor and a PhD student, collaborating on several paper efforts - Lancaster University: regular meetings with a professor and a PhD student, collaborating on several paper efforts - KIT: a MS student from KIT is working on one of our paper efforts as part of his thesis |
| Impact | - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, Yi Chen, Felipe Huici, Nathan Dautenhahn, Pierre Olivier, "Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software", Network and Distributed System Security (NDSS) Symposium, 2023. - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, Alexander Jung, ?tefan Lucian Teodorescu, Sebastian Rauch, Felipe Huici, Costin Raiciu, and Pierre Olivier, "FlexOS: Towards Flexible OS Isolation", 22nd Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2022. - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, ?tefan Teodorescu, Pierre Olivier, Tiberiu Mosnoi, Razvan Deaconescu, Felipe Huici, and Costin Raiciu, "FlexOS: Making OS Isolation Flexible", 18th Workshop on Hot Topics in Operating Systems (HotOS), 2021. - Publication: Alexander Jung, Hugo Lefeuvre, Charalampos Rotsos, Pierre Olivier, Daniel Onoro-Rubio, Mathias Niepert, and Felipe Huici, "Wayfinder: Towards Automatically Deriving Optimal OS Configurations", 12th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys), 2021 - Publication: Hugo Lefeuvre, Gaulthier Gain, Daniel Dinca, Alexander Jung, Simon Kuenzer, Vlad-Andrei Badoiu, Razvan Deaconescu, Laurent Mathy, Costin Raiciu, Pierre Olivier, and Felipe Huici, "Unikraft and the Coming of Age of Unikernels", USENIX ;login:, 2021 - Publication: Hugo Lefeuvre, "FlexOS: easy specialization of OS safety properties", ACM Middleware Doctoral Workshop, 2021. - Talk given at FOSSDEM'22 https://fosdem.org/2022/schedule/event/tee_flexos/ - Tutorial on Unikraft given at ASPLOS'22 https://asplos-conference.org/tutorials/#unikraft |
| Start Year | 2020 |
| Description | Collaboration with the Unikraft community |
| Organisation | Polytechnic University of Bucharest |
| Country | Romania |
| Sector | Academic/University |
| PI Contribution | We are collaborating with the Unikraft (https://unikraft.org/) community on several research avenues. 3 papers, in which Manchester is a major player (the PI's PhD student is 1st author) are accepted in top-tier systems conferences, and more papers are under submission/in the process of being written, with high degrees of involvment from Manchester. |
| Collaborator Contribution | It is variable depending on the partners: - NEC/Unikraft.io: we have regular (weekly) meetings with the CEO and engineers from Unikraft.io, helping to drive the research and participating in paper writing. We also have an engineer from NEC working on a paper effort. - Polytechnic Bucharest: regular meetings with a professor and a PhD student, collaborating on several paper efforts - Lancaster University: regular meetings with a professor and a PhD student, collaborating on several paper efforts - KIT: a MS student from KIT is working on one of our paper efforts as part of his thesis |
| Impact | - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, Yi Chen, Felipe Huici, Nathan Dautenhahn, Pierre Olivier, "Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software", Network and Distributed System Security (NDSS) Symposium, 2023. - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, Alexander Jung, ?tefan Lucian Teodorescu, Sebastian Rauch, Felipe Huici, Costin Raiciu, and Pierre Olivier, "FlexOS: Towards Flexible OS Isolation", 22nd Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2022. - Publication: Hugo Lefeuvre, Vlad-Andrei Badoiu, ?tefan Teodorescu, Pierre Olivier, Tiberiu Mosnoi, Razvan Deaconescu, Felipe Huici, and Costin Raiciu, "FlexOS: Making OS Isolation Flexible", 18th Workshop on Hot Topics in Operating Systems (HotOS), 2021. - Publication: Alexander Jung, Hugo Lefeuvre, Charalampos Rotsos, Pierre Olivier, Daniel Onoro-Rubio, Mathias Niepert, and Felipe Huici, "Wayfinder: Towards Automatically Deriving Optimal OS Configurations", 12th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys), 2021 - Publication: Hugo Lefeuvre, Gaulthier Gain, Daniel Dinca, Alexander Jung, Simon Kuenzer, Vlad-Andrei Badoiu, Razvan Deaconescu, Laurent Mathy, Costin Raiciu, Pierre Olivier, and Felipe Huici, "Unikraft and the Coming of Age of Unikernels", USENIX ;login:, 2021 - Publication: Hugo Lefeuvre, "FlexOS: easy specialization of OS safety properties", ACM Middleware Doctoral Workshop, 2021. - Talk given at FOSSDEM'22 https://fosdem.org/2022/schedule/event/tee_flexos/ - Tutorial on Unikraft given at ASPLOS'22 https://asplos-conference.org/tutorials/#unikraft |
| Start Year | 2020 |
| Title | ConfFuzz |
| Description | This repository contains the main tree of our ConfFuzz proof-of-concept. ConfFuzz is an in-memory fuzzer aimed at detecting interface vulnerabilities in compartmentalized contexts. ConfFuzz is a cooperation between the University of Manchester, University Politehnica of Bucharest, Rice University, and Unikraft.io. It has been accepted to appear in NDSS'23. For more information see the paper Lefeuvre, Hugo, Vlad-Andrei Badoiu, Yi Chien, Felipe Huici, Nathan Dautenhahn, and Pierre Olivier. "Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software." In Proceedings of 30th Network and Distributed System Security (NDSS'23). Internet Society, 2022. |
| Type Of Technology | Software |
| Year Produced | 2023 |
| Open Source License? | Yes |
| Impact | We just open sourced the tool so no impact yet |
| Title | FlexOS |
| Description | At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications' safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when existing ones break. We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of fine-grained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS' vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than several baselines/competitors. |
| Type Of Technology | Software |
| Year Produced | 2021 |
| Open Source License? | Yes |
| Impact | Paper accepted at the prestigious A* ASPLOS conference. |
| URL | https://github.com/project-flexos/unikraft |
| Title | FragVisor |
| Description | FragVisor is a hypervisor able to create Virtual Machines that are distributed across several physical machines. Its aim is to tackle the issue of resource fragmentation in the data centre. For more information please see the paper: Ho-Ren Chuang, Karim Manaouil, Tong Xing, Antonio Barbalace, Pierre Olivier, Balvansh Heerekar, and Binoy Ravindran "Aggregate VM: Why Reduce or Evict VM's Resources When You Can Borrow Them From Other Nodes?", EuroSys'23. |
| Type Of Technology | Software |
| Year Produced | 2023 |
| Impact | The software was just released so no impact yet. |
| Title | HermiTux |
| Description | Unikernels are minimal single-purpose virtual machines. They are highly popular in the research domain due to the benefits they provide. A barrier to their widespread adoption is the difficulty/impossibility to port existing applications to current unikernels. HermiTux is the first unikernel providing system call-level binary compatibility with Linux applications. It is composed of a hypervisor and a lightweight kernel layer emulating the load- and runtime Linux ABI. HermiTux relieves application developers from the burden of porting software, while providing unikernel benefits such as security through hardware-assisted virtualized isolation, swift boot time, and low disk/memory footprint. Fast system calls and kernel modularity are enabled through binary rewriting and analysis techniques, as well as shared library substitution. HermiTux's design principles are architecture-independent and we present a prototype on both the x86-64 and ARM aarch64 ISAs, targeting various cloud as well as edge/embedded deployments. We demonstrate HermiTux's compatibility over a range of native C/C++/Fortran/Python Linux applications. We also show that it offers a similar degree of lightweightness compared to other unikernels, and that it performs similarly to Linux in many cases: its performance overhead averages 3% in memory- and compute-bound scenarios, and its I/O performance is acceptable. |
| Type Of Technology | Software |
| Year Produced | 2021 |
| Open Source License? | Yes |
| Impact | 350+ starts on GitHub, discussed on popular professional social networks such as Hacker News and Reddit. |
| URL | https://github.com/ssrg-vt/hermitux |
| Title | Wayfinder |
| Description | Wayfinder is a generic OS performance evaluation platform. Wayfinder is fully automated and ensures both the accuracy and reproducibility of results, all the while speeding up how fast tests are run on a system. Wayfinder is easily extensible and offers convenient APIs to: - Implement custom configuration space exploration techniques, - Add new benchmarks; and, - Support additional OS projects. Wayfinder's capacity to automatically and efficiently explore a LibOS' can be found in the examples/ directory; as well as its ability to efficiently isolate parallel experiments to avoid noisy neighbors. |
| Type Of Technology | Software |
| Year Produced | 2021 |
| Open Source License? | Yes |
| Impact | We extensilvely used Wayfinder for our ASPLOS'22 paper (FlexOS). We are also significantly expanding Wayfinder and plan a submission to a top tier systems conference in 2022. |
| URL | https://github.com/lancs-net/wayfinder |
| Description | FOSDEM 2022 Talk |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | FlexOS was presented at the Free and Open source Software Developers' European Meeting (FOSDEM) conference. FOSDEM is a professional practiotioners forum, and our goal was to reach a wider audience (beyond the traditional academic/reaseach and development audience found in systems software conferences). Attendance at FOSDEM is very high: in this year's edition (that was a virtual event) the organizers counted about 23K users in total. We observed 100+ attendants in the virtual room for FlexOS' presentation. In addition to the presentation of FlexOS (https://fosdem.org/2022/schedule/event/tee_flexos/), we were also invited to join the FOSDEM panel entitled "Process-based abstractions for VM-based environments" (https://fosdem.org/2022/schedule/event/tee_discussion/). The presentation and panel participation generated many discussions during and after the conference, and we gathered precious feedback on our research work. |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://fosdem.org/2022/schedule/event/tee_flexos/ |
| Description | FOSDEM 2023 Talk on the Confidential Computing track |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Hugo Lefeuvre gave a talk at FOSDEM'23 in the confidential computing track. The talk was followed by questions from the audience. |
| Year(s) Of Engagement Activity | 2023 |
| URL | https://fosdem.org/2023/schedule/event/cc_online_vulnerabilities/ |
| Description | FOSDEM 2023 Talk on the Microkernel and Component-based OS track |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Pierre Olivier gave a talk at FOSDEM'23 on the Microkernel and Component-based OS track. The talk was followed by questions from the audience, and many request to access the software that was presented. |
| Year(s) Of Engagement Activity | 2023 |
| URL | https://fosdem.org/2023/schedule/event/loupe/ |
| Description | Keynote at the Crackchester Student Association's Hackers' Hub event |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Undergraduate students |
| Results and Impact | Pierre Olivier gave a keynote on the topic of systems security at the Crackchester Student Association's Hackers' Hub event |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://www.facebook.com/events/534647688274225/?ref=newsfeed |
| Description | Talk at Huawei Paris Global Connect |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | Pierre Olivier was invited to give a talk at Huawei Global Connect, an internal event organised by Huawei in which the company invites researchers from academia to present their work. |
| Year(s) Of Engagement Activity | 2022 |
| Description | Talk at the University of Edinburgh |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Other audiences |
| Results and Impact | Pierre Olivier was invited to give a talk at the Universityof Edinburgh on the topic of unikernels. |
| Year(s) Of Engagement Activity | 2022 |
| Description | Unikraft tutorial at ASPLOS 2022 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | WIth colleagues from Polytechnic Bucharest and Lancaster University we organized a tutorial on Unikraft (the OS used as a basis for FlexOS). The tutorial included a few bits about FlexOS. |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://asplos22.unikraft.org/ |